Cryptology ePrint Archive: Report 2005/149

Conditionally Verifiable Signatures

Aldar C-F. Chan and Ian F. Blake

Abstract: We introduce a new digital signature model, called conditionally
verifiable signature (CVS), which allows a signer to specify and
convince a recipient under what conditions his signature would
become valid and verifiable; the resulting signature is not publicly
verifiable immediately but can be converted back into an ordinary
one (verifiable by anyone) after the recipient has obtained proofs,
in the form of signatures/endorsements from a number of third party
witnesses, that all the specified conditions have been fulfilled. A
fairly wide set of conditions could be specified in CVS. The only
job of the witnesses is to certify the fulfillment of a condition
and none of them need to be actively involved in the actual
signature conversion, thus protecting user privacy. It is
guaranteed that the recipient cannot cheat as long as at least one
of the specified witnesses does not collude. We formalize the
concept of CVS and give a generic CVS construction based on any
CPA-secure identity based encryption (IBE) scheme. Theoretically, we
show that the existence of IBE with indistinguishability under a
chosen plaintext attack (a weaker notion than the standard one) is
necessary and sufficient for the construction of a secure
CVS.\footnote{Due to page limit, some proofs are omitted here but
could be found in the full version \cite{CB05ibecvs}.}